This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Add random padding to responses #490

Merged
merged 2 commits into from
Sep 8, 2020

sethvargo
Member

I'm open to what arbitrary upper bound we put

Release Note

Include random padding bytes in API responses. Clients should not process these bytes.

/hold to make sure it won't break clients

/assign @mikehelmick

@google-cla google-cla bot added the cla: yes Auto: added by CLA bot when all committers have signed a CLA. label Sep 8, 2020
pkg/api/api.go Outdated
// MarshalJSON is a custom JSON marshaler for padding. It generates and returns
// a random number of base64-encoded bytes.
func (p Padding) MarshalJSON() ([]byte, error) {
bi, err := rand.Int(rand.Reader, big.NewInt(256))
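
Review bot: In MarshalJSON, `rand.Int(rand.Reader, big.NewInt(256))` draws from [0, 256), so the padding length can be zero and never exceeds 255 bytes. A response with zero padding keeps its original size, and 255 bytes may be less than the size difference between response types. Consider adding a fixed non-zero minimum to the drawn value and widening the range, and state the chosen bounds in the doc comment, which currently only says "a random number".
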
Contributor

I think random in a range would be good - 1-2kb maybe

Contributor

i.e. the padding is enough to obscure any actual responses
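
The ranged padding suggested in the two comments above, sketched as an added Go example; it is not the code merged in this pull request. The names `RangePadding`, `Response` and `Measure` are hypothetical, and the 1024 to 2048 byte bounds are an assumption taken from the "1-2kb" suggestion.

```go
package main

import (
	"crypto/rand"
	"encoding/json"
	"fmt"
	"math/big"
)

// Assumed bounds, taken from the "1-2kb" suggestion in the review comments.
const minPad, maxPad = 1024, 2048
// RangePadding is a hypothetical type that marshals to random base64 bytes.
type RangePadding struct{}

// MarshalJSON emits between minPad and maxPad random bytes, never zero.
func (RangePadding) MarshalJSON() ([]byte, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(maxPad-minPad+1)) // [0, 1024]
	if err != nil {
		return nil, fmt.Errorf("padding length: %w", err)
	}
	buf := make([]byte, minPad+int(n.Int64()))
	if _, err := rand.Read(buf); err != nil {
		return nil, fmt.Errorf("padding bytes: %w", err)
	}
	return json.Marshal(buf) // encoding/json writes []byte as a base64 string
}

// Response is a constructed API response; only Error carries meaning.
type Response struct {
	Padding RangePadding `json:"padding"`
	Error   string       `json:"error,omitempty"`
}

// Measure marshals r and returns wire size, padding length and the error field.
func Measure(r Response) (wire, pad int, apiErr string, err error) {
	b, err := json.Marshal(r)
	if err != nil {
		return 0, 0, "", err
	}
	var got struct{ Padding []byte; Error string } // keys match case-insensitively
	err = json.Unmarshal(b, &got)
	return len(b), len(got.Padding), got.Error, err
}

func main() {
	for _, r := range []Response{{}, {Error: "token expired"}} {
		fmt.Println(Measure(r)) // wire sizes overlap regardless of the error text
	}
}
```

A real client would leave the `padding` key out of its own struct so the bytes are discarded on decode; `Measure` reads it only to report the length.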

@google-oss-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mikehelmick, sethvargo

Needs approval from an approver in each of these files:
  • OWNERS [mikehelmick,sethvargo]


@google-oss-robot google-oss-robot merged commit c43e7c0 into main Sep 8, 2020
@google-oss-robot google-oss-robot deleted the sethvargo/padding branch September 8, 2020 17:49
@google google locked and limited conversation to collaborators Oct 6, 2020